Issues Detected by SonarLint Missing in SonarQube Analysis Results

SonarQube
, ,
1

SonarLint correctly detects C++ issues but SonarQube does not.

Sonar Scanner: 5.0.1
SonarQube Server: 9.9.0

The project uses the default C and C++ Quality Profiles. And Quality gate is set to Sonar way BUILT IN.

For example the following issues only caught by SonarLint:

  • Replace “.” with “::” for access to “delay::wait”. sonarlint(cpp:S2209)
  • Complete the task associated to this “todo” comment. sonarlint(cpp:S1135)
  • Use the init-statement to declare “foo” inside the if statement. [+1 location] sonarlint(cpp:S6004)

Aren’t these rules enabled in default quality profiles? Is there a reason why SonarQuve doesn’t show them?

Steps: CI pipeline

  script:
    - mkdir -p .sonar
    - build-wrapper-linux-x86-64 --out-dir .sonar/bw-output cmake --workflow --preset tests-gcc
    - cmake --build --preset tests-gcc --target sonarqube-coverage
    - sonar-scanner
        -Dsonar.cfamily.build-wrapper-output=.sonar/bw-output
        -Dsonar.coverageReportPaths=output/build/Debug/tests-gcc/sonarqube.xml
        -Dsonar.qualitygate.wait=true

Logs:
SonarScanLogs.txt (9.8 KB)

2

Hi,

The log you’ve provided is for a pull request analysis:

INFO: Auto-configuring pull request '69'

PR analysis only reports on the files/lines changed in the PR. So do these “missing” issues occur in lines changed in the PR or outside the PR scope?

 
Thx,
Ann

3

Hi Ann,

The issues reported missing occur in lines changed in the PR.

Furthermore, I’ve discovered additional examples where SonarQube failed to detect similar issues, and these lines were merged into the main branch.

Thanks
Murat

7

Hi @mkilivan,

  • On which files are the issues that are detected only by SonarLint? Can you provide the full path of a file with the missing issue and the verbose scanner log(with -X option)?

  • Is it a source or header file?
    If source, are they compiled by the command you are providing to build-wrapper?
    if header, are these headers included in a source file compiled by the command you are prociding to build-wrapper?

  • Is the command provided to build-wrapper build your project from scratch? Is it a clean build?

  • Are you setting the sonar.tests scanner property?

Thanks,

1 Like
8

@mkilivan, any update?